
How To Block All Internet Traffic If Not VPN Connected...

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through groundbreaking research on IPv6 leak blocking, to firewall-based structures that enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.
Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am

How To Block All Internet Traffic If Not VPN Connected...

Postby Pattern_Juggled » Thu Jan 10, 2013 5:47 am

How To Block All Internet Traffic / Connections If Not Connected to a VPN
MONDAY, MAY 16, 2011


This post will outline a method using the Windows 7 Firewall to block all Internet traffic unless you are connected to your VPN.

This post assumes you have already followed the steps in the earlier post, How to only use the VPN Connection and Block ISP.

If you implement these rules, your system will have no Internet access unless you are connected to your VPN. That is to say, your system will be connected to the Internet, but no traffic can get in or out unless specifically permitted by a separate firewall rule. If a rule allowing an application exists, that application's traffic will still be able to pass through the firewall.

I have used these rules on my system without ill effect (Windows 7 Home Premium 64-bit). Depending on what other applications you use, you will likely have to create additional rules. If you break your system, don't blame me. Always back up before messing with system settings, and take notes as you go.

It is possible this method could still potentially leak data by way of the system process svchost.exe. If you attempt to block svchost.exe, your PC will not be able to communicate with your router/modem, and you really will have blocked all network functionality - i.e. nothing will work.

That being said, I have monitored VPN disconnects using TCPView and spotted no leaks - just all processes (including system processes) engaged in Internet traffic instantly changing from ESTABLISHED to TIME_WAIT, and shortly thereafter vanishing.

If this method is too restrictive / complex for you (or if you use Windows XP / 2000 or Mac OS X), you may wish to consider using a VPN service offering a VPN client that allows you to securely bind applications to the VPN, such as HideMyAss:


Steps:

1. Open Windows Firewall with Advanced Security (in this guide, start at step #4)

2. Select Inbound Rules. The New Inbound Rule Wizard will appear.

3. Select Custom Rule (see below).

Image

4. Select All Programs.

5. Select Any IP Address, for both Local and Remote.

6. Select Block The Connection (see below).

Image

7. Select Domain and Private, leaving Private and Public unticked (see below).

Image

8. Name your rule and click Finish. Repeat steps 1 through 8 for Outbound Rules.

9. In the Windows Firewall with Advanced Security window, select Windows Firewall Properties (see below).

Image

10. In the resulting window, choose to block both inbound and outbound traffic for the Domain and Private profiles (see below). You may also want to block outbound traffic on the Public profile as well, but you will need to create specific allow rules for every application that needs Internet access.

Image

You should test your configuration at this point to ensure it is working. Connect to your VPN, start up some downloads, and disconnect. All traffic should die immediately.
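The procedure above in script form, as an added example; this is not code from the original post or from cryptostorm, and the client path, server address, port, protocol and adapter alias in it are placeholder assumptions. It uses the NetSecurity cmdlets (Windows 8 / Server 2012 and later; the netsh advfirewall equivalents for the post's Windows 7 are in comments at the end). It deliberately makes the profile default action from step 10 the block, instead of the explicit block-all rules of steps 2 through 8: Windows Firewall evaluates explicit block rules before allow rules, so a block-all rule would also stop an allow rule for the VPN client itself. It also lists the built-in outbound allow rules behind the post's svchost.exe caveat, and scripts the TCPView check from the last paragraph.

```powershell
# Added example, not from the original post: Windows Firewall "fail-closed"
# setup via the NetSecurity cmdlets. Run from an elevated PowerShell.
#
# Assumptions (hypothetical values, adjust for your system):
#   - the physical NIC sits in the Domain or Private profile and the VPN
#     tunnel adapter sits in the Public profile, as in the post;
#   - $VpnClient/$VpnServer/$VpnPort/$VpnProtocol describe your VPN client
#     and the single server it may reach over the physical NIC.
$VpnClient   = 'C:\Program Files\OpenVPN\bin\openvpn.exe'   # assumption
$VpnServer   = '203.0.113.10'                                # assumption (documentation range)
$VpnPort     = 1194                                          # assumption
$VpnProtocol = 'UDP'                                         # assumption
$Prefix      = 'Fail-closed:'

function Backup-FirewallPolicy {
    # "Always back up before messing with system settings": export the whole
    # policy; restore later with: netsh advfirewall import <file>
    $file = Join-Path $env:TEMP 'firewall-before-failclosed.wfw'
    netsh advfirewall export $file | Out-Null
    return $file
}

function Install-FailClosedPolicy {
    # Step 10 is the real block: default action Block in both directions on
    # the profiles the physical NIC uses. Explicit block rules win over allow
    # rules in Windows Firewall, so a block-all rule (steps 2-8) would also
    # kill the allow rule for the VPN client below; the default action does not.
    Set-NetFirewallProfile -Profile Domain, Private `
        -DefaultInboundAction Block -DefaultOutboundAction Block

    # The one hole on the physical NIC: the VPN client, to its server only.
    New-NetFirewallRule -DisplayName "$Prefix allow VPN client to $VpnServer" `
        -Direction Outbound -Action Allow -Profile Domain, Private `
        -Program $VpnClient -Protocol $VpnProtocol `
        -RemoteAddress $VpnServer -RemotePort $VpnPort | Out-Null

    # Everything else is expected to ride the tunnel, whose adapter is in the
    # Public profile; that profile keeps its default (outbound allowed).
}

function Get-BuiltInOutboundAllowRules {
    # Counterpart of the svchost.exe caveat in the post: a default-block action
    # still honours enabled allow rules, and Windows ships several for
    # svchost.exe (DHCP, DNS, ...). List them so you can decide which to turn
    # off with Disable-NetFirewallRule; DHCP is normally needed, DNS to the
    # ISP resolver over the physical NIC is the classic leak.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        Where-Object { $_.DisplayGroup -like 'Core Networking*' } |
        Select-Object DisplayName, DisplayGroup
}

function Test-FailClosed {
    # Script form of the TCPView check: run after disconnecting the VPN.
    # Any connection still ESTABLISHED to a non-local peer while the tunnel is
    # down is a candidate leak; OwningProcess/Process tells you who owns it.
    param([string]$VpnInterfaceAlias = 'TAP-Windows Adapter V9')   # assumption

    $tunnelIps = @(Get-NetIPAddress -InterfaceAlias $VpnInterfaceAlias `
                   -ErrorAction SilentlyContinue | ForEach-Object IPAddress)
    Get-NetTCPConnection -State Established |
        Where-Object {
            $_.LocalAddress -notin $tunnelIps -and
            $_.RemoteAddress -notmatch '^(127\.|::1$|fe80:|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
        } |
        Select-Object LocalAddress, RemoteAddress, RemotePort, OwningProcess,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
}

function Uninstall-FailClosedPolicy {
    # Roll back what this script added; default actions return to Windows'
    # out-of-the-box values (inbound Block, outbound Allow).
    Remove-NetFirewallRule -DisplayName "$Prefix*" -ErrorAction SilentlyContinue
    Set-NetFirewallProfile -Profile Domain, Private `
        -DefaultInboundAction Block -DefaultOutboundAction Allow
}

# Windows 7 equivalents (netsh advfirewall), the platform of the original post:
#   netsh advfirewall set domainprofile firewallpolicy blockinbound,blockoutbound
#   netsh advfirewall set privateprofile firewallpolicy blockinbound,blockoutbound
#   netsh advfirewall firewall add rule name="Fail-closed: allow VPN client" dir=out action=allow profile=domain,private program="C:\Program Files\OpenVPN\bin\openvpn.exe" protocol=udp remoteip=203.0.113.10 remoteport=1194

# Typical use:
#   $backup = Backup-FirewallPolicy
#   Install-FailClosedPolicy
#   Get-BuiltInOutboundAllowRules   # review, then Disable-NetFirewallRule as needed
#   # connect the VPN, start a download, disconnect the VPN, then:
#   Test-FailClosed                 # should return nothing
```

The test function is the point of the whole exercise: run it with the tunnel down and a download that was in flight, and an empty result is what "all traffic should die immediately" looks like in script form. If a row appears, its process name tells you which application still needs to be confined to the tunnel, which is exactly the "additional rules" the post warns you will probably have to write.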


anon
Posts: 5
Joined: Thu Oct 10, 2013 8:53 pm

Re: How To Block All Internet Traffic If Not VPN Connected..

Postby anon » Sat Dec 14, 2013 10:41 am

What about Linux/Mac OS ?


DesuStrike
ForumHelper
Posts: 346
Joined: Thu Oct 24, 2013 2:37 pm

Re: How To Block All Internet Traffic If Not VPN Connected..

Postby DesuStrike » Sat Dec 14, 2013 2:27 pm

anon wrote: What about Linux/Mac OS?

I'm short on time, but basically you do this with iptables. Look here to get a feeling for how it works and how it should look. You have to modify it to work with your individual setup. There is no one-size-fits-all solution at this time right now.
home is where the artillery hits

